Astra Linux – Vulnerability in liblivemedia

Live555 version 1.08 does not handle MPEG-1 or 2 files properly. Sending two consecutive RTSP SETUP commands for the same track causes a use-after-free error and results in a crash of the daemon...

Astra Linux – Vulnerability in liblivemedia

A heap-use-after-free vulnerability was discovered in live555 version 2023.05.10 while handling the SETUP process...

CVE-2024-4957

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5473 Simple Photoswipe <= 0.1 - Admin+ Stored XSS

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5169

CVE-2024-5169 affects the Video Widget WordPress plugin (versions ≤ 1.2.3). The vulnerability arises from insufficient sanitisation/escaping of widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Public‑facing advi...

CVE-2024-4957 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Malicious code in flaks-setup (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5143 Malicious code in flaks-setup (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in brrerrere (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbd947456326518e8c61c9de4304c1730cd37cb7b7cc936f9d4880cd8417f086 Installing the package starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-fefeefrr...

Change in Android Enterprise configuration for XenMobile On-premises environment.

Awareness for XenMobile On-premises server admins about the Android Enterprise configuration first time setup...

SUSE CVE-2022-48728

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1ipoibsetuprn can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 1 SMP NOPTI Workqueue: event...

CVE-2024-4755

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4384

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4755 Google CSE <= 1.0.7 - Admin+ Stored XSS

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4755 Google CSE <= 1.0.7 - Admin+ Stored XSS

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4384 CSSable Countdown <= 1.5 - Admin+ Stored XSS

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

SUSE CVE-2021-47586

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rkgmacsetup KASAN reports an out-of-bounds read in rkgmacsetup on the line: while ops-regsi This happens for most platforms since the regs flexible array member is empty, so the memory after...

UBUNTU-CVE-2022-48728

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1ipoibsetuprn can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 1 SMP NOPTI Workqueue: event...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from an error in parameter checking in the drm/msm/dpu module dpusetupdspppcc...

DEBIAN-CVE-2021-47586

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rkgmacsetup KASAN reports an out-of-bounds read in rkgmacsetup on the line: while ops-regsi This happens for most platforms since the regs flexible array member is empty, so the memory after...